CVE-2023-21577: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop version 23.5.3 (and earlier) and 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed in February 2023 (Adobe Advisory, NVD).

The vulnerability is classified as an out-of-bounds read issue specifically within the parsing of embedded fonts. When processing crafted data in a font, it can trigger a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (ZDI Advisory).

The vulnerability could lead to disclosure of sensitive memory, which attackers could leverage to bypass security mitigations such as Address Space Layout Randomization (ASLR). This type of vulnerability could potentially be used in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users should update to versions newer than Photoshop 23.5.3 or 24.1 to mitigate this security issue (Adobe Advisory).